Who is The Integrity Framework for?

Two audiences. Buyers vetting AI tools at the team or department level where SOC 2 is the wrong shape. Founders building sub-enterprise AI products who want a credential that demonstrates trustworthiness without faking enterprise compliance.

Two tiers. Bronze: a public INTEGRITY.md at the repo or product website with all six Layer 1 vetoes self-mapped. Silver: Bronze plus one of either integrity-cli green against the public repo, or a public methodology page with a versioned changelog. Gold is deferred to a future framework version.

How is The Integrity Framework different from SOC 2?

SOC 2 is an audited control framework for service organizations, scoped at enterprise spend levels and priced accordingly. The Integrity Framework is a self-mapped standard with public artifacts that buyers can verify themselves. It is designed for the segment SOC 2 prices out — small AI tools, indie products, sub-$5K-ARR purchases.

How does a product get listed?

Founder submits the listing with the required artifact links. Startvest reads the INTEGRITY.md and verifies the tier credential. Approved listings publish with a tier badge. Quarterly re-scans run; framework version bumps trigger re-verification.

Is The Integrity Framework forkable?

Yes. The framework is published under CC BY 4.0 at the canonical URL. Anyone can fork it for their own segment. The directory at theintegrityframework.org indexes products that map against the canonical Startvest version of the framework.

Who runs The Integrity Framework?

The Integrity Framework is published and operated by Startvest LLC, a veteran-owned, SDVOSB-certified company. The directory is at theintegrityframework.org; the canonical framework spec lives at claritylift.ai/framework/v1.

About the framework

What is The Integrity Framework?

The Integrity Framework is a published standard for product trustworthiness aimed at sub-enterprise AI tools, the segment where SOC 2 audits do not apply. Founders self-map their product against six pre-build vetoes, post a public INTEGRITY.md, and the directory at theintegrityframework.org publishes them with a Bronze or Silver tier badge that buyers can verify on their own.

Who it is for

Two audiences. Both meet at the same gap.

Buyers vetting AI tools at the team or department level, where SOC 2 is the wrong shape — the spend is too small, the contract is too short, the purchase decision is one person, not procurement.
Founders building sub-enterprise AI products who want a credential that demonstrates trustworthiness without faking enterprise compliance theater.

The two tiers

Bronze

A public INTEGRITY.md at the repo or product website, with all six Layer 1 vetoes self-mapped. About half a day of honest reflection for a thoughtful founder.

Silver

Bronze, plus one of: integrity-cli green against the public repo, or a public methodology page with a versioned changelog. Founder picks the credential that fits the product shape.

Gold is deferred to a future framework version. The directory will not retrofit a tier no one at this segment can reach.

How it works

Read the framework. The canonical spec lives at claritylift.ai/framework/v1 under CC BY 4.0. Forkable by design.
Self-map your product. Write an INTEGRITY.md that addresses each of the six Layer 1 vetoes by name. Honest mappings only — the directory rejects cosmetic fills.
Earn the credential (Silver only). Run integrity-cli against your public repo and ship the green output, or publish a versioned methodology page.
Submit to the directory. The Startvest team reads the INTEGRITY.md and verifies the tier. Approved listings publish with a tier badge.
Re-scanned quarterly. Framework version bumps trigger re-verification. Listings that drop tier are downgraded transparently.

What The Integrity Framework is not

Not a substitute for SOC 2, ISO 27001, or HIPAA where those legitimately apply.
Not an audit. The directory verifies artifacts, not procedures.
Not a paid certification. Listings are free; the credential is the public artifact.
Not enterprise theater. The framework names trust-arbitrage and theater-versus-substance as failure modes specifically.

Frequently asked questions

What is The Integrity Framework?: The Integrity Framework is a published standard for product trustworthiness aimed at sub-enterprise AI tools, the segment where SOC 2 audits do not apply. It defines six pre-build vetoes, seven architectural constraints, and seven operational guardrails, and publishes a public directory of products that have self-mapped against them at the Bronze or Silver tier.
Who is The Integrity Framework for?: Two audiences. Buyers vetting AI tools at the team or department level where SOC 2 is the wrong shape. Founders building sub-enterprise AI products who want a credential that demonstrates trustworthiness without faking enterprise compliance.
What are the tiers?: Two tiers. Bronze: a public INTEGRITY.md at the repo or product website with all six Layer 1 vetoes self-mapped. Silver: Bronze plus one of either integrity-cli green against the public repo, or a public methodology page with a versioned changelog. Gold is deferred to a future framework version.
How is The Integrity Framework different from SOC 2?: SOC 2 is an audited control framework for service organizations, scoped at enterprise spend levels and priced accordingly. The Integrity Framework is a self-mapped standard with public artifacts that buyers can verify themselves. It is designed for the segment SOC 2 prices out — small AI tools, indie products, sub-$5K-ARR purchases.
How does a product get listed?: Founder submits the listing with the required artifact links. Startvest reads the INTEGRITY.md and verifies the tier credential. Approved listings publish with a tier badge. Quarterly re-scans run; framework version bumps trigger re-verification.
Is The Integrity Framework forkable?: Yes. The framework is published under CC BY 4.0 at the canonical URL. Anyone can fork it for their own segment. The directory at theintegrityframework.org indexes products that map against the canonical Startvest version of the framework.
Who runs The Integrity Framework?: The Integrity Framework is published and operated by Startvest LLC, a veteran-owned, SDVOSB-certified company. The directory is at theintegrityframework.org; the canonical framework spec lives at claritylift.ai/framework/v1.

Read the framework Browse the directory Submit a listing